REvil Ransomware Gang Goes Underground After Tor Websites Have Been Compromised

REvil, the infamous ransomware gang behind a string of cyberattacks in recent times, appears to have gone off the radar once again, a little over a month after the cybercrime group staged a surprise return following a two-month-long hiatus.

The development, first noticed by Recorded Future’s Dmitry Smilyanets, comes after a member affiliated with the REvil operation posted on the XSS hacking forum that unidentified actors had taken control of the gang’s Tor payment portal and data leak website.

“The server was compromised and so they had been on the lookout for me. To be exact, they deleted the trail to my hidden service within the torrc file and raised their very own in order that I’d (sic) go there. I checked on others – this was not. Good luck everybody, I am off,” user 0_neday said in the post.

As of writing, it is not clear exactly who was behind the compromise of REvil’s servers, although it would not be entirely surprising if law enforcement agencies played a role in bringing down the domains.

The Russia-linked ransomware group attracted major scrutiny following its attacks on JBS and Kaseya earlier this year, prompting it to take its darknet sites offline in July 2021. But on September 9, 2021, REvil made an unexpected return, bringing both its data leak site and its payment and negotiation portals back online.

Last month, the Washington Post reported that the U.S. Federal Bureau of Investigation (FBI) held back from sharing the decryptor with the victims of the Kaseya ransomware attack for nearly three weeks, which it obtained from accessing the group’s servers, as part of a plan to disrupt the gang’s malicious activities. “The deliberate takedown by no means occurred as a result of in mid-July REvil’s platform went offline — without U.S. authorities intervention — and the hackers disappeared earlier than the FBI had an opportunity to execute its plan,” the report added.

A universal decryptor was eventually shared by Romanian cybersecurity firm Bitdefender in late July after acquiring the digital key from a “law enforcement partner.”

While it isn’t unusual for ransomware groups to evolve, splinter, or reorganize under new names, the criminal field has increasingly come under the lens for striking critical infrastructure, even as more cybercriminals are recognizing the profitability of ransomware, partly bolstered by the unregulated cryptocurrency landscape, thus enabling threat actors to extort victims for digital payments with impunity.
